Description
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command.
References
- Broken Link, Third Party Advisory
- Broken Link, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 3.0.7 (inclusive) to 3.0.53 (inclusive); versions from 4.0.4 (inclusive) to 4.0.16 (inclusive)
One of
cpe:2.3:a:hunesion:i-onenet:*:*:*:*:*:*:*:*
cpe:2.3:a:hunesion:i-onenet:*:*:*:*:*:*:*:*
EPSS
Percentile: 57%
0.00357
Low
8.8 High
CVSS3
9.8 Critical
CVSS3
10 Critical
CVSS2
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command.